Security consultant Mark Burnett has just published 10 million passwords along with their corresponding usernames. It's a thoughtful offering to other researchers – but a legally risky one given the current hacking hoo-ha.